3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.7%
A vulnerability in the report renderer component of TIBCO JasperReports
Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports
Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO
JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with
Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO
Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may
allow a subset of authorized users to perform persistent cross-site
scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server
6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server
Community Edition 6.4.0 and below, TIBCO JasperReports Server for
ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and
below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for
ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with
Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for
AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1;
6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and
below.
Author | Note |
---|---|
msalvatore | “… a malicious user can gain access toa more privileged account.” |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | jasperreports | < any | UNKNOWN |
ubuntu | 16.04 | noarch | jasperreports | < any | UNKNOWN |
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.7%